From 7b4d27d1e7ab448e20bfbfcfc8cf24833db8875321430a8086547c5a17c8e902 Mon Sep 17 00:00:00 2001
From: Johannes Segitz
Date: Thu, 12 Jan 2023 07:15:56 +0000
Subject: [PATCH] Accepting request 1057911 from home:jsegitz:branches:security:SELinux - Add spc_timedated.patch to allow privileged containers to use timedatectl (bsc#1207054)
OBS-URL: https://build.opensuse.org/request/show/1057911
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/container-selinux?expand=0&rev=24
---
container-selinux.changes | 6 ++++++
container-selinux.spec | 3 +++
spc_timedated.patch | 12 ++++++++++++
3 files changed, 21 insertions(+)
create mode 100644 spc_timedated.patch
diff --git a/container-selinux.changes b/container-selinux.changes
index ef4c88c..94e0683 100644
--- a/container-selinux.changes
+++ b/container-selinux.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Wed Jan 11 14:15:06 UTC 2023 - Johannes Segitz
+
+- Add spc_timedated.patch to allow privileged containers to use
+ timedatectl (bsc#1207054)
+
 -------------------------------------------------------------------
 Thu Jul 14 08:37:48 UTC 2022 - Johannes Segitz
 
diff --git a/container-selinux.spec b/container-selinux.spec
index d059ef9..e4a7d68 100644
--- a/container-selinux.spec
+++ b/container-selinux.spec
@@ -32,6 +32,8 @@ Summary: SELinux policies for container runtimes
 License: GPL-2.0-only
 URL: https://github.com/containers/container-selinux
 Source0: https://github.com/containers/container-selinux/archive/refs/tags/v%{version}.tar.gz
+# https://github.com/containers/container-selinux/pull/199, can be dropped after this is included
+Patch0: spc_timedated.patch
 BuildRequires: selinux-policy
 BuildRequires: selinux-policy-devel
 Requires: selinux-policy >= %(rpm -q selinux-policy --qf '%%{version}-%%{release}')
@@ -47,6 +49,7 @@ SELinux policy modules for use with container runtimes.
 
 %prep
 %setup -q
+%patch0 -p1
 
 %build
 %make_build
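Review bot: The added `%patch0 -p1` in `%prep` uses the numbered `%patchN` spelling, which newer RPM releases deprecate and later stop accepting. Writing it as `%patch -P 0 -p1` works on older and newer RPM alike, so the package keeps building once the toolchain moves on. If this policy package fails to build, later policy fixes do not ship either.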
diff --git a/spc_timedated.patch b/spc_timedated.patch
new file mode 100644
index 0000000..57c2267
--- /dev/null
+++ b/spc_timedated.patch
@@ -0,0 +1,12 @@
+Index: container-selinux-2.188.0/container.te
+===================================================================
+--- container-selinux-2.188.0.orig/container.te
++++ container-selinux-2.188.0/container.te
+@@ -675,6 +675,7 @@ init_dbus_chat(spc_t)
+ optional_policy(`
+ systemd_dbus_chat_machined(spc_t)
+ systemd_dbus_chat_logind(spc_t)
++ systemd_dbus_chat_timedated(spc_t)
+ ')
+
+ optional_policy(`
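Review bot: The new `systemd_dbus_chat_timedated(spc_t)` call sits in the same `optional_policy` block as the machined and logind calls, and an optional block is enabled or dropped as a whole. If the loaded base policy ever lacks the timedated type that this interface presumably requires, the existing machined and logind D-Bus rules for `spc_t` would be dropped with it. Giving the call its own `optional_policy` block keeps the three grants independent. A comment above it such as `# timedatectl from privileged containers (bsc#1207054)` would also record why `spc_t` needs this extra D-Bus peer. The policy continues outside the hunk, which ends on the opening line of the next `optional_policy` block, so whether another block already covers timedated cannot be checked from here.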